Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: HTTP Header Usage Statistics - Internet Security | DShield HTTP Header Usage Statistics


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

This is a continuation of work started by Brough Davis as part of his software security project for his Masters in Information Security Engineering. The main goal of this project is to find how many sites use security relevant headers, like for example the X-XSS-Protection or X-Frame-Options headers.

Below you will find a table/histogram showing how many times we found each header (security relevant or not). We access the index page of each site using a "head" request. The list of sites is derived from Alexa's Top 1 Million sites. We try to poll as many sites as possible each day.

As we collect more data, we will plot changes over time.



All Headers Active In The Past Month
Header Popularity
Set-Cookie
Content-Type
Date
Connection
Server
Cache-Control
Vary
Expires
Content-Length
X-Frame-Options
Strict-Transport-Security
X-Content-Type-Options
Accept-Ranges
Last-Modified
Pragma
X-Powered-By
Link
ETag
CF-RAY
X-XSS-Protection
Expect-CT
Via
Age
X-Cache
Content-Security-Policy
Access-Control-Allow-Origin
Content-Language
P3P
X-UA-Compatible
X-Cache-Hits
X-Amz-Cf-Pop
X-Amz-Cf-Id
Referrer-Policy
X-Served-By
X-Varnish
CF-Cache-Status
X-Timer
X-Request-Id
Access-Control-Allow-Headers
Access-Control-Allow-Methods
X-Xss-Protection
X-AspNet-Version
X-Download-Options
Access-Control-Allow-Credentials
X-Runtime
X-Drupal-Cache
X-Adblock-Key
Alt-Svc
X-Check
X-Cacheable
X-Cache-Status
Content-Security-Policy-Report-Only
X-Generator
X-Request-ID
CF-Ray
X-DNS-Prefetch-Control
X-Permitted-Cross-Domain-Policies
X-AspNetMvc-Version
X-Template
X-Language
Status
X-Iinfo
Content-Encoding
Timing-Allow-Origin
X-FRAME-OPTIONS
X-Content-Security-Policy
X-Buckets
Upgrade
Xkey
X-Turbo-Charged-By
X-Kinja-Server-Push
X-CDN
Keep-Alive
Access-Control-Expose-Headers
X-AH-Environment
X-Backend
Access-Control-Max-Age
X-Cache-Group
X-Pass-Why
X-Drupal-Dynamic-Cache
X-Age
X-Server
X-Ua-Compatible
X-Pingback
X-Via
X-Proxy-Cache
X-Amz-Request-Id
X-Amz-Id-2
Grace
X-Hacker
X-Varnish-Cache
X-Page-Speed
X-Robots-Tag
WPE-Backend
X-Server-Powered-By
X-Nginx-Cache-Status
X-UA-Device
EagleId
Request-Context
X-Envoy-Upstream-Service-Time
P3p
Cf-Railgun
X-Amz-Version-Id
X-LiteSpeed-Cache
X-Swift-SaveTime
X-Swift-CacheTime
X-Pantheon-Styx-Hostname
X-Styx-Req-Id
X-OneAgent-JS-Injection
Ali-Swift-Global-Savetime
X-Device
X-WebKit-CSP
Server-Timing
Allow
X-Rq
X-Ac
X-Node
X-Host
X-Server-Id
Content-Location
Feature-Policy
X-Cnection
X-Response-Time
Report-To
X-CST
X-Backend-Server
X-Cloud-Trace-Context
EagleEye-TraceId
X-Application-Context
Surrogate-Control
X-ORACLE-DMS-ECID
X-Iejgwucgyu
X-Url
Request-Id
X-Origin-Cache
X-Readtime
X-Rack-Cache
X-Country
X-FTR-Request-ID
X-Cache-Lookup
X-Clacks-Overhead
X-Country-Code
Rating
NEL
X-Instart-Request-ID
X-EdgeConnect-MidMile-RTT
X-EdgeConnect-Origin-MEX-Latency
X-Ruxit-JS-Agent
X-Vhost
X-Type
X-DynaTrace
X-Cdn
Pinterest-Generated-By
X-DataDome
X-Mod-Pagespeed
X-Origin-Upstream-Status
Edge-Control
X-Px
X-Goog-Hash
Accept-CH
X-HW
Verso
X-Dispatcher
X-ORACLE-DMS-RID
X-Server-Name
MS-Author-Via
X-Upstream-Env
X-VARITI-CCR
X-ESI
AR-ATIME
AR-CACHE
AR-PoweredBy
Arc-Version
X-Mobile-Rewrite
PB-RID
PB-PID
X-MS-InvokeApp
X-GitHub-Request-Id
X-Exp-Variant
X-Kinja-Server
X-Use-Magma
X-GoogleNews-Bot
X-Exp-Id
X-Cdn-Fetch
X-Kinja
X-Kinja-Revision
X-Kinja-Build
X-DataStream-Cache-Status
X-Cached
Public-Key-Pins
X-Powered-By-Plesk
Content-MD5
X-Version
X-TTL
Service-Worker-Allowed
Accept-CH-Lifetime
X-Recruiting
AR-Request-ID
Charset
X-D2id
RTSS
X-Navigation-Version
X-Amz-Server-Side-Encryption
X-Abt-Application-Version
X-Vname
X-PC
X-TtlSet
X-Ser
Ar-Sid
X-Vcap-Request-Id
X-Varnish-TTL
X-SRCache-Store-Status
X-SRCache-Fetch-Status
X-Forwarded-Proto
X-Client-IP
X-Trace
SPRequestGuid
Nginx-Cache
X-DynaTrace-JS-Agent
X-FTR-Backend
X-FTR-Realm
X-Server-ID
X-FTR-Cache-Status
X-FTR-Balancer
X-FTR-Backend-Server
X-FTR-DC
X-Country-Code-Real
X-FTR-Expires
X-Webkit-CSP
X-Goog-Stored-Content-Length
X-Goog-Metageneration
X-Goog-Stored-Content-Encoding
X-Goog-Generation
DynaTrace
X-Amz-Rid
X-Amz-Meta-S3cmd-Attrs
X-VCache
S
X-Fastly-Request-ID
X-XRDS-Location
X-Debug
X-SharePointHealthScore
X-Hits
TCN
X-TEC-API-ORIGIN
X-TEC-API-ROOT
X-TEC-API-VERSION
Pinterest-Version
X-Pinterest-Rid
X-Upstream-Proxy
X-Dw-Request-Base-Id
Arr-Disable-Session-Affinity
X-Shield-Request-Id
X-Akam-SW-Version
SPIisLatency
X-Powered-CMS
SPRequestDuration
X-Oracle-Dms-Rid
X-T
X-FTR-Cache-Host
Access-Control-Request-Method
X-Goog-Storage-Class
Realpath
X-Id
X-Aspnet-Version
X-NF-Request-ID
X-Acc-Meta-Resource-Type
X-MSEdge-Ref
Tracecode
X-Amzn-Trace-Id
Front-End-Https
X-B3-TraceId
X-N
Fastcgi-Cache
X-Varnish-Age
X-Content-Type
X-Ttl
X-Forwarded-For
Paypal-Debug-Id
X-Upstream
Mrf-Cache-Status
X-B3-TraceId-Primal
X-Mrf-Item-Lastmod
X-Mrf-Section-Lastmod
MRF-Tech
Alternate-Protocol
X-Fastcgi-Cache
X-Frontend
X-PressLabs-Stats
X-Logged-In
X-Content-Digest
X-HS-Content-Id
X-HS-Hub-Id
X-RateLimit-Remaining
Fusion-Source
Fusion-Component-Id
Fusion-Content-Source
Fusion-Template-Id
Fusion-Content-Id
X-Middleton-Display
X-Sol
Response
Display
X-Middleton-Response
X-Litespeed-Cache
X-Srv
X-Pad
X-Hostname
X-B3-Traceid
AMP-Access-Control-Allow-Source-Origin
X-Cache-Key
X-Accel-Expires
Host
MicrosoftSharePointTeamServices
X-DataStream-Origin-MEX-Latency
X-DataStream-MidMile-RTT
Server-Name
X-Correlation-Id
X-Kinsta-Cache
X-Analytics
Backend-Timing
X-Revision
X-Debug-Info
X-AppVersion
X-LB-Cache
X-B3-Sampled
X-User-Agent
ServerID
X-Az
X-Activity-Id
X-Rid
X-Content-Options
X-Amz-Apigw-Id
Surrogate-Key
X-IPLB-Instance
X-Amzn-RequestId
X-Cache-Hit
FilterID
Accept-Charset
X-Grace
X-Cache-2
Refresh
Powered-By-ChinaCache
X-CF-Powered-By
X-B
X-Request-Processing-Time
X-Request-Received
X-Page-Id
TP-Cache
TP-L2-Cache
X-Whom
MS-CV
X-Accel-Buffering
X-DIS-Request-ID
Server-Info
Host-Header
X-Cached-By
X-PHP-Backend
Cache-Status
X-Ruxit-Js-Agent
X-Varnish-Backend
X-TT
X-Amz-Replication-Status
X-Cache-Action
X-Content-Security-Policy-Report-Only
X-Origin-Server
X-Akamai-Edgescape
X-App-Environment
VIX-Pulpo-Upstream-Status
Source
VIX-Pulpo-Node
X-Mobile
X-Tumblr-User
X-Tumblr-Pixel
X-F-Cache
X-Tumblr-Pixel-0
X-Platform-Server
X-Framework
X-Cluster
Access-Control-Allow-Method
X-Varnish-Grace
X-Content-Powered-By
X-GUploader-UploadID
X-FW-Serve
X-FW-Server
X-FW-Static
X-FW-Type
X-Kong-Upstream-Latency
X-UA-Device-Type
X-Request-Guid
X-Instance
X-Kong-Proxy-Latency
X-FB-Debug
X-Drupal-Cache-Tags
X-FW-Hash
PageSpeed
X-Forwarded-Host
Edge-Cache-Tag
X-Ezoic-Cdn
X-Geo-Country
X-Node-Name
X-RateLimit-Limit
X-Shard
X-FastCGI-Cache
X-Zen-Fury
X-TA-CDN-Provider
X-Handled-By
X-Cache-TTL
X-SS-Set-Cookie
X-Magnolia-Registration
From-Origin
X-Varnish-Hostname
Fastly-Restarts
Cache-Tags
X-Cache-Age
X-BCube-Filmed-By
X-ATG-Version
X-AOL-HN
X-Cache-Control
X-Varnish-Server
X-Cache-Rule
DC
Healthy
Upgrade-Insecure-Requests
Cleartype
X-SERVER
X-App-Server
Server-Node
Payment
X-RequestSource
Retry-After
X-Response-Served-From
X-Storage
X-TX-ID
X-WebKit-CSP-Report-Only
X-Signature
X-Region
X-B-Cache
X-Adobe-Content
X-Adobe-Loc
Country
X-GeoIP
X-Redis-Cache
Ms-Operation-Id
Filters
Actual-Object-TTL
X-TT-TIMESTAMP
X-RTag
X-VG-WebCache
X-Tumblr-Pixel-1
X-UUID
X-Dns-Prefetch-Control
X-Tumblr-Pixel-2
X-FW-Dynamic
Cache-Tv-Group
X-Generated-By
Powered
X-Drupal-Cache-Contexts
X-Jobs
X-Varnish-Hits
X-Locale
X-Content-Age
X-XRDS-LOCATION
X-Cacheable-TTL
Webserver
CACHE
Frame-Options
NGB
X-Esi
GEO-INFO
ServedBy
X-WA-Info
X-Oneagent-Js-Injection
X-Contextid
Liferay-Portal
HitType
X-Yottaa-Metrics
X-Yottaa-Optimizations
X-Rendered-As
X-Cache-NE
X-ProcessESI
X-RemovedCookies
X-Varnish-IP
X-Cache-TTL-Remaining
X-Real-IP
Eomportal-Instance
X-Guploader-Uploadid
X-Via-JSL
X-Seen-By
X-Cache-Operation
X-BACKEND-TTL
X-Upgrade-Enabled
S-Cnection
X-Time
Viewport
X-Mode
X-NWS-LOG-UUID
Xserver
X-Varnish-Cache-Hits
X-Is-Bot
X-Cache-Server
NtCoent-Length
Load-Balancing
X-From
OT-Force-Account-Verify
Mn-Server-Ip
X-RN-RSRV
Meta-Geo
X-Zipkin-Id
X-Routing-Service
X-Path-Route
X-Proto
X-Cache-Enabled
X-ES-SERVER
Cache-Hits
X-Detected-As
Cache-Key
X-Device-Type
X-Cache-Var-Map
X-S
X-Hl-Ver
Machine
X-Cache-Var
X-Proxied
Mail-Subject
X-Origin-Hint
X-LJ-Flow-ID
X-Rocket-Nginx-Bypass
X-R9-Blue-Green-Version
X-Backend-Name
TWC-GeoIP-LatLong
X-Cache-Config
X-Akamai-Transformed
X-FB-TRIP-ID
X-Time-Microsecs
X-Environment-Context
TWC-GeoIP-Country
X-L-Path
TWC-Privacy
NGX
X-Proxy
X-VG-TLSProxy
Webcakes-Region
TWC-Locale-Group
X-Tb
We-Hiring
Property-Id
Webcakes-App-Version
Vix-Hermes-Req-Id
X-Viewer-Country
Access-Control-Request-Headers
X-FC-Vary-Parameters
X-AWS-Id
L5d-Success-Class
Webcakes-App-Name
TWC-Connection-Speed
X-VWS-Id
TWC-Device-Class
X-Hosted-By
Azure-Version
Azure-SiteName
Azure-RegionName
Azure-InstanceId
Azure-SlotName
X-Origin-Response-Time
DB-Nickname
X-Akamai-Request-ID
X-Access
X-FW-Version
X-Vgn-Hpd-Reason
Origin-Cache-Control
X-Tumblr-Pixel-3
X-Format
Datacenter
Content-Style-Type
S-Rt
X-Web-Node
Origin-Edge-Control
Content-Script-Type
LB
X-ServerID
X-RCS-CacheZone
X-EIG-Tracking-Id
X-Debug-Cache
X-MP-GENERATED-AT
X-NCache
X-Loop
Now
X-Labrador-Cache-Channel
X-TNCMS
X-Section
Selected-FE
X-ProxyCache-Status
X-IP
X-JoinUs
X-BYPASS-REASON
X-Human
X-Cache-Remote
X-Trace-Id
X-Via-Fastly
X-Proxy-Build
X-CCM
X-OCL
X-Xfnlog-Site
X-PCL
X-Timing-Wait
X-ProxyCache-Key
X-Via-CDN
X-Grey
Cache-Tag
X-Cache-Category-Id
X-Site-Version
X-Generated
X-Www-Served-By
Uber-Trace-Id
X-Internal-Host
X-Endurance-Cache-Level
X-Birta-Served
X-VC-Cache
X-Birta-Cache-Post
X-Dynatrace-Js-Agent
X-Varnish-Cacheable
X-UnsetCookies
X-Status
Decoy-Debug-Key
Decoy-Debug-Status
Decoy-Debug-TTL
Served-By
X-Rule
X-GRACE
X-Newrelic-App-Data
Release
X-UA
X-EdgeConnect-Cache-Status
Nel
X-CDN-Cache
X-APP-VERSION
X-Cluster-Node
AsisCache
X-Wix-Server-Artifact-Id
X-TIME
X-Request-Time
X-Ua
X-B3-Spanid
Rt-Fastcgi-Cache
X-App-Name
X-Nginx-Cache
X-Wix-Request-Id
X-Origin-Host
X-PERF
ViewerVersion
X-ApacheServer
DSUID
X-Source
X-OVcl
X-OVcl-Cache
X-Sucuri-ID
X-Goog-Meta-Goog-Reserved-File-Mtime
X-Origin
X-Hit
X-VCT
X-NewRelic-App-Data
X-Agile
X-Agile-Id
X-Agile-Age
SRV
Cache-Name
Hostname
X-App-Version
X-Origin-CC
X-Origin-TTL
X-Pubstack
X-ElasticPress-Search
X-Processor
Memcached
Lfy
X-Application
X-Cache-Expires
X-A-Wwc
MD5-Digest
X-Instart-Isnd
X-VG-WebServer
X-Cache-Info
X-Refresh
X-Region-Sid
X-IN-WAF
X-A-Dgt
Origin
X-Cache-Grace
Node
X-ARC
On-Server
X-Reboot
Meta-Geo-Continent
FNAC-ModuleRouting
X-Aed
X-NX-Host
Cache-Prefix
X-Mobile-URL
Cross-Origin-Window-Policy
X-NU-AKA-ACS-Version
BehaviorPad-Version
X-Gannett-Site-Version
Arc-Country
X-Cache-Host
X-NodeID
Ec-Rule-Version
X-Matched-Rule
Fly-Cache
Fly-Request-Id
X-Cache-Miss-From
X-Logtrace-Id
X-B-Cookie
X-Cache-ASPX
X-ServiceProvider
X-Accel-Expires-Debug
X-Server-Group
X-PAYTM-SRV-ID
X-Platform
X-IN-APIGATEWAY
X-Debug-Cache-Expiry
Www
X-Debug-Cache-Fetch
X-Generated-In
X-SRCache-Key
X-A
X-Date
X-A-Ccd
Server-Surrogate-Control
X-Secret
Thinkindot-CacheControl
X-D
X-Debug-Cache-Store
UCS
X-Debug-Log
Thinkindot-CacheControl-Type
X-Trv-Group
X-Transaction
X-Destination
X-Twitter-Response-Tags
X-Developer
X-External-Request-Id
Thinkindot-Control
X-S-Cookie
X-ScT
X-Debug-Cookies
X-A-Dam
Server-Host
Rendered-Blocks
Xc-Version
X-G
Warning
X-Rewrite-Enabled
X-CF-Lambda-Version
X-CF-Lambda-Fn
X-Hp-Webp
X-Thinkindot-L3
X-Request-UUID
X-Varnish-Authentication
X-Webstats-RespID
X-Rojux
Request-Country
Request-Time
X-Sedo-Request-Id
Ajk
X-A-Dcw
Server-Cache-Control
X-DPWN-IS-SECURE
X-Core-Value
X-Var-Ttl
X-Connection-Hash
X-Up
Request-EU
X-F5-Cache
Cteonnt-Length
User-Cache-Control
X-Varnish-Ttl
X-CGP
Cache
Proxy-Connection
Pramga
X-Amzn-Remapped-Content-Length
X-Hnp-Log
RNT-Machine
X-Hash
X-Cdn-Srv
RNT-Time
X-Amzn-Remapped-Date
X-Key
X-Rebelmouse-Cache-Control
X-Level-Front-Cache
X-RateLimit-Remaining-Second
X-Irp-Debug
X-Cache-Id
X-Crawler
X-Info
Pagetype
X-Rebelmouse-Surrogate-Control
X-Request-URI
X-Amzn-Remapped-Connection
X-Distributor
X-SN
X-Distil-CS
X-Dispatcher-Server
X-SIPLIST1
X-Epic-Correlation-Id
X-Servername
X-Sf
X-Eu-Site
Web-Mar-Node
X-Gen-Mode
X-WPE-Loopback-Upstream-Addr
ServerName
Server-Int
X-Li-Fabric
X-Developers
X-Generated-On
X-Device-Os
X-Swa-Ws
True-Client-Country-4JS
X-Fetched-On
X-LAGOON
X-PHP-Host
X-RateLimit-Limit-Second
Fastly-SIE
Fastly-SWR
X-Cache-Backend
X-Nginx-Cache-Key
X-Cache-Debug
X-Cache-Bucket
Backend
X-Micro-Cache
X-Block-Status
X-Origin-Expires
Country-Code
Cache-Cookie-Set-Lfrom
Cache-Cookie-Set-Idcheck
Cache-Cookie-Set-From
X-Page-Type
X-Origin-Date
Apple-News-Services-Request-Url
Kp-EeAlive
IsBot
X-Protected-By
CDCHOST
X-Li-Pop
X-Qloud-Router
Apple-News-Services-Handled
X-Policy
Apple-News-Services-Host
X-LI-UUID
Gh-Request-Id
X-Location
Apple-News-Services-Parsed-Url
X-LI-Proto
Ha-Gx-Prefs
HA-Ipaddr
Pagespeed
X-FireWall-Port
X-Bip
X-Alternate-Cache-Key
X-Backend-Host
X-Gateway-Cache-Status
X-Cms-Context
X-Auto-Login
X-Cache-FS-Status
X-BBXSRF
X-Core-Mission
X-C
X-Backend-State
X-Backend-Url
X-Amz-Meta-Cache-Control
X-Gateway-Cache-Key
X-Fastly-Cache
X-BB-ID
AKAMAI
X-Apm-App-Name
X-Variation
X-User
X-Apm-Inst-Hash
User-Agent
V-Age
X-Wikidot-Static-Cache
X-Varnish-Beresp-Grace
X-Via-Edge
X-Gateway-Skip-Cache
X-Wikidot-Backend
X-Apm-Svc-Key
X-Cdn-Origin
X-Skip-Cache
X-Edge-Location
X-Shopify-Stage
X-ShopId
X-ShardId
X-Sorting-Hat-PodId
X-Sorting-Hat-ShopId
X-Server-Time
X-Sn-Servicetimems
X-S-Maxage
X-Thanos
X-Varnish-Beresp-Status
X-Via-SSL
Heartbleed
Fastly-SSL
Content-Disposition
X-MSEdge-Features
Is-Eu
Platform
X-Geo-Header
X-GeoIP-City
X-GeoIP-Country-Code
SD-X-WS
X-MSEdge-Flight
Fastly-Soc-X-Request-Id
X-Planisys-CDN-TTL
X-Planisys-CDN-Cache
X-Ocache
Adler-Geo
X-Server-IP
X-Planisys-CDN-Rules
X-GZip
X-Proxy-Cache-Status
HTTPS
X-RateLimit-Reset
X-Sucuri-Cache
X-TrackingId
X-Proxy-Upstream
X-No-Session
X-Exp-Se
REQUESTUUID
Rt-Proxy-Cache
X-TT-LOGID
X-ND-Cache
X-Geo
X-Owner
MIME-Version
X-Cdn-Forward
X-Edge-IP
X-NC
X-Real-Ip
X-Varnish-Url
Fastly-Backend-Name
Server-ID
X-Org
N-Cache
X-Served-From
Magicmarker
X-CDN-Forward
X-B3-Parentspanid
X-FPC
AR-SID
X-Node-Id
X-Gdpr
X-Aicache-OS
VivaBuild
Viewtype
X-Varnish-Beresp-Ttl
X-Git-Hash
X-Pjax-Url
Wxu-Next-Hostname
Wxu-Next-Commit
Wxu-Next-Region
X-Load-Cache
X-Host-Name
X-Parent-Response-Time
X-Dc
X-DC
X-CSRF-TOKEN
HostName
X-CUA
Powered-By
X-Datadome
Memory
Pragrma
CF-IPCountry
Time
X-Nc
X-Daa-Tunnel
X-Svr
X-Passed-To-DLL
X-Passed-To
X-Passed-To-BeforeDispatch
X-Stale
X-Returned-From-PostProcessResponse
Section-Io-Cache
X-Returned-From-DLL
X-Returned-From
X-Server-By
X-Wa
X-Returned-From-BeforeDispatch
X-CACHE-KEY
X-Servedbyhost
X-Passed-To-PostProcessResponse
Resin-Trace
X-Actual-URL
X-Release
PICS-Label
X-HS-Cache-Config
X-Original-Request
X-Oss-Request-Id
X-Oss-Server-Time
X-TH-Server
Host-ID
X-Oss-Hash-Crc64ecma
X-Oss-Object-Type
X-VServer
X-WebServer
X-Croise-Owner
X-Oss-Storage-Class
Cdn-Request-Time
Cdn-Host
X-Edge-Server
X-Phone
ProcessTime
X-Upstream-HT
X-Upstream-CT
X-Cache-HT
X-Newrelic-Synthetics
X-Optimization
Mime-Version
X-Tb-Optimization-Total-Bytes-Saved
X-From-Cache
X-Instart-Info
X-Varnish-Beresp-TTL
X-Unique-ID
Cdn
SID
Backend-Name
X-Lb-Id
X-Microcachable
CF-Cached-On
Cf-Ipcountry
X-Fastly-Backend-Reqs
X-Worker
X-Req
X-APP
X-Atg-Version
352pxline
188prxHost
355prline
409pxxline
X-Server-W
X-SERVER-NAME
XServer
Xxline
Fastcgi-Useragent
189phosttRef
178proxuri
225prxHost
219prxHost
Proxy-Firewall
286prxHost
Version
Processtime
X-V
X-LB-ID
X-B3-SpanId
X-ID
Odigeo-Trace-Id
X-Ratelimit-Remaining
X-Vcl-Version
X-Ratelimit-Limit
X-Microsite
X-Request-Handler-Origin-Region
X-HTML-Minification-Powered-By
X-Zone
X-Backend-TTL
X-CACHE-AGE
X-CLOUD-TRACE-CONTEXT
X-Akamai-Request-ID2
X-IPS-LoggedIn
X-Fstrz
X-WR-MODIFICATION
Esi-Enabled
X-Check-Cacheable
Accept-Language
X-VCL-Version
X-Nananana
X-Response-By
SN
X-NGINX-Cache
X-Vcache
GeoIP-City
X-UPSTREAM-Address
GeoIP-Country-Code
X-Contensis-Viewer-Groups
X-AssetVersion
GeoIP-Latitude
X-WA
X-URL
X-Ratelimit-Reset
GMS-Ver
Pics-Label
X-HS-Status
X-ServedByHost
X-CSRF-Token
X-Be
X-ZONE
X-Vtex-Remote-Cache
X-RequestId
X-Vtex-Processado-Em
DataCenter
Public-Key-Pins-Report-Only
X-Reqid
X-Urbn-Site-Id
X-Urbn-Context-Path
Locale
Geoip-Latitude
GeoIp-Country-Code
X-Via-NSCOPI
X-Hyper-Cache
Fastcgi-X-Cache-Version
WZWS-RAY
X-Dynatrace
X-Amz-Meta-Surrogate-Control
Geoip-City
X-NWS-UUID-VERIFY
GW-Server
X-Via-Ucdn
X-Hello
X-Flog
X-ABtesting
X-Request-Start
X-Render-Time
X-Fastly-Country-Code
CDN
WP-Super-Cache
X-Cdn-Cache
X-LiteSpeed-Cache-Control
X-GDPR
X-We-Are-Hiring
X-CS
Mobile-Detection-Method
X-Cache-Ttl
Countrycode
X-PJAX-URL
X-Clientip
IBM-Web2-Location
Dnion-Transfer-Encoding
X-UE-Client-Country
Ohc-File-Size
X-Unique-Id
X-GEO
X-BE
SS
URI
Requestid
Lb
X-Generation-Time
Amp-Access-Control-Allow-Source-Origin
X-SRV
Dynatrace
FastCGI-Cache
X-FORWARDED-FOR
X-HostName
X-Cluster-Name
X-NGENIX-Cache
Cneonction
X-Fpc
Serverid
X-HS-Combine-CSS
X-Gen-Id
X-Pf-Uncompressing
WebServer
X-GZIP
X-Bug-Bounty
X-PF-Uncompressing
FSS-Cache
FSS-Proxy
X-Test
X-LiteSpeed-Tag
X-Cache-URL
RequestUuid
X-Compress-Hint
A
X-Store
Server-Id
X-Akamai-SSL-Client-Sid
X-Dw-Trace-Id
X-Varnish-Action
X-Got-Non-Ke-Cookie
Who
GEO-REGION-INFO
Ohc-Cache-HIT
X-Request-Url
Frontcache
X-ServerName
NnCoection
X-Cdn-Request-ID
X-EC-Lua
X-HTML-Edge-Cache
X-Serial
Ohc-Response-Time
X-Html-Edge-Cache
X-Fastly-Cache-Hits